package com.pankai.cn.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Demo controller for the {@code /order} endpoints, showing Shiro authorization done two ways:
 * declaratively through the class-level annotation and programmatically inside {@link #save()}.
 *
 * <p>The class-level {@code @RequiresPermissions} declares that callers need the permission
 * string {@code user:update:01}. NOTE(review): Shiro authorization annotations are enforced
 * only when annotation (AOP) support is enabled in the application's Shiro configuration,
 * which is not visible in this file. Confirm it is enabled; otherwise the annotation is inert.
 *
 * @author pankai
 * @create 2020-12-03 17:28
 */
@Controller
@RequestMapping(value = "/order")
// Disabled role-based alternative: with Shiro's default AND logic the subject would need
// both the "admin" and the "user" role.
//@RequiresRoles(value = {"admin","user"})
@RequiresPermissions(value = "user:update:01") // checks a permission string
public class OrderController {

    /**
     * Handles {@code /order/save}: checks in code whether the current subject has the
     * {@code user} role, prints the outcome to stdout and redirects to the index page.
     *
     * <p>NOTE(review): both outcomes return the same redirect and a denial is only printed,
     * so the caller cannot tell them apart and nothing is recorded for audit. A real handler
     * should reject the request on denial (for example by throwing Shiro's
     * {@code UnauthorizedException}) and log through the application's logger. The mapping
     * also declares no HTTP method, so this state-changing endpoint accepts GET as well as POST.
     *
     * @return the redirect view name {@code redirect:/index.jsp}, whatever the check decided
     */
    @RequestMapping(value = "/save")
    public String save() {
        // Subject representing the current caller, as resolved by Shiro.
        final Subject currentSubject = SecurityUtils.getSubject();

        // Programmatic role check: first message = "order saved", second = "access denied".
        final String outcome = currentSubject.hasRole("user")
                ? "保存订单!"
                : "出大问题了，无权访问!!!";
        System.out.println(outcome);

        return "redirect:/index.jsp";
    }

}
